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BACKGROUND OF THE INVENTION 

1 . Field of the Invention 
1 5 The present invention relates to systems and methods for distributing video 

content using client to host pairing of integrated receivers/decoders (IRDs). 



2. Description of the Related Art 

Direct broadcast satellite (DBS) systems have become commonplace in recent 

20 years. DBS have been designed to ensure that only paying subscribers receive program 
materials transmitted by service providers. Among such systems are those which use a 
conditional access module (typically in the form of a smartcard) that can be removably 
inserted into the receiver. 

One of the disadvantages of existing DBS receivers is that every television 

25 requires a separate integrated receiver/decoder (IRD) and conditional access module in 
order to receive unique programming. Moreover, each of the IRDs requires a tuner and 
conditional access module in order to receive and decrypt the programming. In addition, 
each of the IRDs requires a disk drive or other non-volatile storage in order to provide 
digital video record (DVR) capabilities. All of these components drive up the cost of the 

30 IRDs. 
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Currently, there is no method of a host IRD with a conditional access module 
securely sharing content one or more client IRDs without a conditional access module. 
One of the key reasons is that the prior art provides no method for the service provider to 
selectively control authorized client IRDs. Service providers have no method of 

5 preventing widespread, and possible unauthorized, distribution of their program materials 
if several IRDs are networked together. 

The present invention describes an architecture that includes a central or host IRD 
and one or more lightweight secondary or client IRDs coupled thereto. The present 
invention also describes a method of encrypting the program materials between the IRDs 

10 in the network and a method for the host IRD to know which other client IRDs are 
allowed on the network using a host-client relationship. 

Since these client IRDs are known and trusted by the host IRD, then the host IRD 
can transmit program materials to the client IRDs. This means that the client IRDs would 
not require a tuner, conditional access module, or disk drive, since the host IRD is 

15 responsible for the reception, descrambling and storage of the program material, and the 
conditional access module associated with the host IRD is responsible for the reception of 
media encryption keys for program decryption by host and client IRDs. This allows 
distribution of the program materials throughout a household or other location at a 
significantly reduced cost as compared to other schemes, which require full IRDs for each 

20 individual subscriber. 

SUMMARY OF THE INVENTION 
In summary, the present invention describes a method, apparatus and article of 
manufacture for operatively pairing a host receiver and a client receiver in a direct 
25 broadcast satellite system. 

Program materials received by the host receiver from the direct broadcast satellite 
system are decrypted by the host receiver using a media encryption key. The decrypted 
program materials are then encrypted at the host receiver using a copy protection key. 
The copy protection key is generated by the host receiver using content 
30 information decrypted by a receiver key uniquely associated with the host receiver. The 
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content information may comprise a content identifier obtained from the program 
materials, and may also include copy control information. 

The copy protection key is encrypted at th6 host receiver using a host-client 
pairing key shared between the host receiver and client receiver. The encrypted program 
5 materials and the encrypted copyprotection key are then transferred from the host receiver 
to the client receiver. 

The transferred copy protection key received by the client receiver from the host 
receiver is decrypted at the client receiver using the host-client pairing key. The 
transferred program materials received by the client receiver from the host receiver are 
10 then decrypted at the client receiver using the decrypted copy protection key. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Referring now to the drawings in which like reference numbers represent 
corresponding parts throughout: 
15 FIG. 1 is a diagram illustrating an overview of a direct broadcast satellite system 

according to a preferred embodiment of the present invention; 

FIG. 2 is a block diagram showing a typical uplink configuration for a single 
satellite transponder, showing how program materials and program control information 
are uplinked to the satellite by the control center and the uplink center; 
20 FIG. 3A is a diagram of a representative data stream according to the preferred 

embodiment of the present invention; 

FIG. 3B is a diagram of a representative data packet according to the preferred 
embodiment of the present invention; 

FIG. 4 is a simplified block diagram of an integrated receiver/decoder according to 
25 the preferred embodiment of the present invention; 

FIG. 5 is a logical flow illustrating how the host IRD and CAM are operatively 
paired according to the preferred embodiment of the present invention; 

FIG. 6 is a logical flow illustrating how the host and client IRDs are operatively 
paired according to the preferred embodiment of the present invention; and 
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FIG. 7 is a logical flow illustrating how the program materials may be shared 
between host and client IRDs according to the preferred embodiment of the present 
invention. 



DETAILED DESCRIPTION OF PREFERR ED EMBODIMENTS 
In the following description, reference is made to the accompanying drawings 
which form a part hereof, and which show, by way of illustration, several embodiments of 
the present invention. It is understood that other embodiments may be utilized and 
structural changes may be made without departing from the scope of the present 
invention. 

DIRECT BROADCAST SATELLIT E SYSTEM 
FIG. 1 is a diagram illustrating an overview of a direct broadcast satellite system 
100 according to a preferred embodiment of the present invention. The system 100 
includes a control center 102 operated by a service provider in communication with an 
uplink center 104 via a ground link 106 and with subscriber receiving stations 108 via a 
link 1 10. The control center 102 provides program materials to the uplink center 104 and 
coordinates with the subscriber receiving stations 108 to offer various services, including 
key management for encryption and decryption, pay-per-view (PPV), billing, etc. 

The uplink center 104 receives the program materials from the control center 102 
and, using an uplink antenna 1 12 and transmitter 1 14, transmits the program materials to 
one or more satellites 116, each of which may include one or more transponders 118. The 
satellites 1 16 receive and process this program material, and re-transmit the program 
materials to subscriber receiving stations 108 via downlink 120 using transmitter 118. 
Subscriber receiving stations 108 receive the program materials from the satellites 1 16 via 
an antenna 122, and decrypt and decode the program materials using an integrated 
receiver/decoder (TRD) 124. 



I IPLINK CQNFTOI TRATION 



FIG. 2 is a block diagram showing a typical uplink center 104 configuration for a 
single transponder 1 18, showing how program materials and program control information 
are uplinked to the satellite 1 16 by the control center 102 and the uplink center 104. 

One or more channels are provided by program sources 200A-200C, which may 
5 comprise one or more video channels augmented respectively with one or more audio 
channels. 

The data from each program source 200A-200C is provided to a corresponding 
encoder 202A-202C, which in one embodiment comprise Motion Picture Experts Group 
(MPEG) encoders, although other encoders can be used as well. After encoding by the 
10 encoders 202A-202C, the output therefrom is converted into data packets by 
corresponding packetizers 204A-204C. 

In addition to the program sources 200A-200C, data source 206 and conditional 
access manager 208 may provide one or more data streams for transmission by the system 
100. The data from the data source 206 and conditional access manager 208 is provided to 
15 a corresponding encoder 202D-202E. After encoding by the encoders 202D-202E, the 

output therefrom is converted into data packets by corresponding packetizers 204D-204E. 

A system channel identifier (SCED) generator 210, null packet (NP) generator 212 
and system clock 214 provide control information for use in constructing a data stream for 
transmission by the system 100. Specifically, the packetizers 204A-204F assemble data 
20 packets using a system clock reference (SCR) from the system clock 214, a control word 
(CW) generated by the conditional access manager 208, and a system channel identifier 
(SCED) from the SCED generator 210 that associates each of the data packets that are 
broadcast to the subscriber with a program channel. 

Each of the encoders 202A-202C also accepts a presentation time stamp (PTS) 
25 from a multiplex controller 216. The PTS is a wrap-around binary time stamp that is used 
to assure that the video channels are properly synchronized with the audio channels after 
encoding and decoding. 

Finally, these data packets are then multiplexed into a serial data stream by the 
controller 216. The data stream is then encrypted by an encryption module 218, 
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modulated by a modulator 220, and provided to a transmitter 222, which broadcasts the 
modulated data stream on a frequency bandwidth to the satellite 1 16 via the antenna 106. 

REPRESENTATIVE DATA STREAM 
5 FIG. 3 A is a diagram of a representative data stream 300 according to the 

preferred embodiment of the present invention. The first packet 302 comprises 
information from video channel 1 (data coming from, for example, the first program 
source 200A); the second packet 304 comprises computer data information that was 
obtained, for example from the computer data source 206; the third packet 306 comprises 

10 information from video channel 3 (from one of the third program source 200C); the fourth 
packet 308 includes information from video channel 1 (again, from the first program 
source 200 A); the fifth packet 310 includes a null packet (from the NP generator 212); the 
sixth packet 312 includes information from audio channel 1 (again, from the first program 
source 200A); the seventh packet 314 includes information from video channel 1 (again, 

15 from the first program source 200A); and the eighth packet 316 includes information from 
video channel 2 (from the second program source 200B). The data stream therefore 
comprises a series of packets from any one of the program and/or data sources in an order 
determined by the controller 216. Using the SCH), the IRD 124 reassembles the packets 
to regenerate the program materials for each of the channels. 

20 FIG. 3B is a diagram of a representative data packet 318 according to the preferred 

embodiment of the present invention. Each data packet segment 3 18 is 147 bytes long, 
and comprises a number of packet segments 320-326. The first segment 320 comprises 
two bytes of information containing the SOD and flags. The SCED is a unique 12-bit 
number that uniquely identifies the channel associated with the data packet 318. The 

25 flags include 4 bits that are used to control whether the data packet 3 1 8 is encrypted, and 
what key must be used to decrypt the data packet 318. The second segment 322 is made 
up of a 4-bit packet type indicator and a 4 -bit continuity counter. The packet type 
identifies the packet as one of the four data types (video, audio, data, or null). When 
combined with the SCED, the packet type determines how the data packet 3 1 8 will be 

30 used. The continuity counter increments once for each packet type and SCED. The third 
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segment 324 comprises 127 bytes of payload data. The fourth segment 326 is data 
required to perform forward error correction on the data packet 318. 

ENCRYPTION OF PROGRAM MATERIALS 
5 As noted above, program materials are encrypted by the encryption module 218 

before transmission to ensure that they are received and viewed only by authorized ERJDs 
124. The program materials is encrypted according to an encryption key referred to 
hereinafter as a control word (CW). This can be accomplished by a variety of data 
encryption techniques, including symmetric algorithms, such as the data encryption 
10 standard (DES), and asymmetric algorithms, such as the Rivest-Shamir-Adleman (RSA) 
algorithm. 

To decrypt the program material, the IRD 124 must also have access to the 
associated CW. To maintain security, the CW is not transmitted to the IRD 124 in 
plaintext. Instead, the CW is encrypted before transmission to the IRD 124. The 

15 encrypted CW is transmitted to the IRD 124 in a control word packet (CWP), i.e., a data 
packet type as described in FIG. 3B. 

In one embodiment, the data in the CWP, including the CW, is encrypted and 
decrypted via what is referred to hereinafter as an input/output (I/O) indecipherable 
algorithm. An I/O indecipherable algorithm is an algorithm that is applied to an input 

20 data stream to produce an output data stream. Although the input data stream uniquely 
determines the output data stream, the algorithm selected is such that it's characteristics 
cannot be deciphered from a comparison of even a large number of input and output data 
streams. The security of this algorithm can be further increased by adding additional 
functional elements which are non-stationary (that is, they change as a function of time). 

25 When such an algorithm is provided with identical input streams, the output stream 
provided at a given point in time may be different than the output stream provided at 
another time. 

So long as the encryption module 218 and the IRD 124 share the same I/O 
indecipherable algorithm, the IRD 124 can decode the information in the encrypted CWP 
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to retrieve the CW. Then, using the CW, the IRD 124 can decrypt the program materials 
so that it can be displayed or otherwise presented. 

INTEGRATED RECEIVER/DECODER 
5 FIG. 4 is a simplified block diagram of an IRD 124 according to the preferred 

embodiment of the present invention. The IRD 124 includes a tuner 400, a transport and 
demultiplexing module (TDM) 402 that operates under the control of a microcontroller 
404 to perform transport, demultiplexing, decryption and encryption functions, a source 
decoder 406, random access memory (RAM) 408, external interfaces 410, user I/O 412, a 
10 conditional access module (CAM) 414, and conditional access verifier (CAV) 416. 

The tuner 400 receives the data packets from the antenna 122 and provides the 
packets to the TDM 402. Using the SCIDs associated with the program materials, the 
TDM 402 and microcontroller 404 reassemble the data packets according to the channel 
selected by the subscriber and indicated by the user 1/0 412, and decrypt the program 
1 5 materials using the C W. 

Once the program materials have been decrypted, they are provided to the source 
decoder 406, which decodes the program materials according to MPEG or other standards 
as appropriate. The decoded program materials may be stored in the RAM 408 or 
provided to devices coupled to the IRD 124 via the external interfaces 410, wherein the 
20 devices coupled to the IRD 124 can include or a media storage device 418, such as a disk 
drive, a presentation device 420, such as a monitor, or a networked device, such as 
another IRD 124. 

The CAM 414 is typically implemented in a smartcard or similar device, which is 
provided to the subscriber to be inserted into the IRD 124. The CAM 414 interfaces with 
25 the CAV 416 and the TDM 402 to verify that the IRD 124 is entitled to access the 
program materials . 

The CW is obtained from the CWP using the CAV 416 and the CAM 414. The 
TDM 402 provides the CWP to the CAM 414 via the CAV 416. The CAM 414 uses the 
I/O indecipherable algorithm to generate the CW, which is provided back to the TDM 
30 402. The TDM 402 then uses the CW to decrypt the program materials . 
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In one embodiment including a plurality of networked IRDs 124, one of the IRDs 
124 is designated a "host IRD" and each of the other IRDs are designated as a "client 
IRD". In such an embodiment, the host IRD 124 includes all of the components described 
in FIG. 4, while the client IRDs 124 are simpler and do not include a tuner 400, CAM 
414, CAV 416, disk drive 418, or other components, in order to reduce the cost of the 
client IRD 124. The client IRD 124 can be used to request program materials that are 
received or reproduced by the host IRD 124, thus allowing program materials to be 
reproduced at other locations in the home. 

However, in this embodiment, the host and client IRDs 124 share a host-client 
pairing key (HCPK) that is generated by the service provider for the purposes of sharing 
the program materials among the IRDs 124. Consequently, the HCPK permits 
distribution of video content between a host IRD 124 and one or more client IRDs 124 
using a client-to-host pairing. 

OPERATIVE PAIRING THE HOST IRD AND CAM 
FIG. 5 is a logical flow illustrating how the host IRD 124 and CAM 414 are 
operatively paired according to the preferred embodiment of the present invention. 

After the subscriber has purchased and installed the host IRD 124 and associated 
hardware, the subscriber supplies a unique identifier (such as a serial number) for the host 
IRD 124 to the service provider. The unique identifier is itself uniquely associated with a 
secret receiver key (RK). This association is implemented in the IRD 124 itself, and is 
known to the service provider. Thereafter, the service provider determines a pairing key 
(PK) that will be used to encrypt communications between the CAM 414 and the IRD 
124. 

The PK is then encrypted by the service provider using the RK, to produce an 
encrypted PK, denoted ER(PK), wherein the ER( ) indicates that RK encryption is used 
and the PK indicates that the PK is encrypted. A message for the CAM 414 comprising 
the PK and the ER(PK) is generated by the service provider, and the message is encrypted 
using a conditional access message encryption algorithm to produce EM(PK, ER(PK)), 
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wherein the EM( ) indicates that conditional access message encryption is used and the 
PK, ER(PK) indicates that the PK, ER(PK) is encrypted. 

The EM(PK, ER(PK)) is then transmitted to the IRD 124 where it is received by 
the tuner 400 and TDM 402. The TDM 402 routes data packets with the encrypted 
5 message EM(PK, ER(PK)) to the CAM 414 for decryption. 

In the CAM 414, the EM(PK,ER(PK)) is decrypted by a message decryption 
algorithm (EM DECR) 500 to produce the decrypted PK, which is stored in a secure 
memory 502 in the CAM 414. The ER(PK) is provided from the CAM 414 to the TDM 
402, and since it is encrypted using the RK, it is not exposed in plaintext. (In this 
10 embodiment, ER(PK) is delivered to the TDM 402 via the CAM 414, but an alternative 
embodiment might deliver ER(PK) directly to the TDM 402). 

In the TDM 402, the ER(PK) is decrypted by an Advanced Encryption Standard 
(AES) decryption algorithm (AES DECR) 504 using the RK 506 to produce the decrypted 
PK, which is then in a secure memory 508. This PK, now stored in both the IRD 124 and 
15 the CAM 414, is used to encrypt communications between the CAM 414 and the IRD 
124, as desired. 

For example, using the PK, the CAM 414 encrypts the CW to produce EPK(CW), 
wherein the EPK( ) indicates that PK encryption is used and the CW indicates that the 
CW is encrypted. The TDM 402 decrypts the EPK(CW) received from the CAM 414. 
20 Since the EPK(CW) can only be decrypted by an IRD 124 that contains the appropriate 
PK, this cryptographically binds ("pairs") the CAM 414 and the IRD 124. 

OPERATIVELY PAIRING THE HOST AND CLIENT IRDS 
FIG. 6 is a logical flow illustrating how the host and client IRDs 124 are 
25 operatively paired according to the preferred embodiment of the present invention. 

The present invention also provides for pairing between a host IRD 124 and one or 
more client IRDs 124, to ensure that program materials are never shared between the host 
IRD 124 and client IRDs 124 in plaintext. The pairing of the host IRD 124 and client 
IRDs 124 is accomplished by the use of a host-client pairing key (HCPK). 
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As noted above, the subscriber supplies a unique identifier (such as a serial 
number) for the host IRD 124 to the service provider, wherein the unique identifier is 
associated with a secret receiver key (RK), wherein the association is implemented in the 
IRD 124 itself and is known to the service provider. 
5 After activating the host IRD 124, the subscriber can request the activation of 

additional client IRDs 124 using the same method. Consequently, the service provider 
would determine the RK for each of the client IRDs 124 as well. 

Thereafter, the service provider establishes the HCPK for a particular combination 
of host and client IRDs 124. Preferably, the service provider encrypts the HCPK, using 
10 the AES algorithm with RKH, the RK of the host IRD 124, and RKC, the RK of the client 
IRD 124, thereby creating two ER(HPCK) messages containing the encrypted HCPK, i.e., 
ERH(HCPK) for the host IRD 124 and ERC(HCPK) for the client IRD 124. 

The service provider sends one or more messages to the host IRD 124, using an ID 
for the CAM 414 of the host ERD 124 for over-the-air addressing of the message, and 
15 specifying both a Host ID (HID) and a Client ID (CUD), wherein the CLID identifies the 
client IRDs 124 to the host IRD 124. The message is received by the host IRD 124, and 
then stored on disk drive 418 or other non- volatile memory in the host IRD 124. A large 
number of such messages can be stored on the disk drive 418 in the host IRD 124, e.g., 
one for each client IRD 124 networked with the host IRD 124. 
20 Any number of such encrypted versions of the HCPK can be stored in the host , 

IRD 124. For example, there may be a different HCPK for each pairing of a client IRD 
124 networked with the host IRD 124. On the other hand, a host IRD 124 may share the 
same HCPK with all the client IRDs 124. 

Preferably, the host IRD 124 receives both of the ERH(HCPK) and ERC(HPCK) 
25 messages off-air and, at some later time, the ERC(HCPK) for the client IRD 124 is 
obtained by the client IRD 124 from the host IRD 124. This may occur, for example, 
when a client IRD 124 is activated or powered up. 

In both the host and client IRDs 124, the ER(HCPK) (which is either ERH(HPCK) 
or ERC(HCPK)) is decrypted by an AES decryption algorithm (AES DECR) 600 in the 
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TDM 402 using the appropriate RK 602 (which is either the RKH or RKC), and the 
decrypted HCPK is stored in a secure memory 604 in the host and client IRDs 124. 

Consequently, the service provider, through the assignment of the HCPK, 
establishes a client-to-host pairing relationship between the host IRD 124 and one or more 
5 client IRDs 124 forming a network, so that the program materials are shared in secure 
manner within the network. 

SHARING PROGRAM MATERIALS BETWEEN HOST AND CLIENT IRDS 
FIG. 7 is a logical flow illustrating how the program materials may be shared 
10 between host and client IRDs 124 according to the preferred embodiment of the present 
invention. 

In the portion of FIG. 7 labeled "Off- Air Receive," the host IRD 124 receives a 
data stream including the program materials encrypted by the media encryption key CW, 
as well as the encrypted media encryption key EI(CW) itself. The EI(CW) is provided, 

1 5 via the TDM 402, to the CAM 414, where it is decrypted by an I/O indecipherable 
algorithm (EI DECR) 700. The result is the unencrypted media encryption key CW. 

The unencrypted CW is then re-encrypted by the CAM 414 by an AES encryption 
algorithm (AES ENCR) 702 using the PK 704 stored in the CAM 414 to produce a re- 
encrypted media encryption key EPK(CW). 

20 The re-encrypted media encryption key EPK(CW) is provided to the TDM 402, 

where it is decrypted by an AES decryption algorithm (AES DECR) 706 using the PK 708 
stored in the TDM 402, in order to obtain the unencrypted media encryption key CW. 
The unencrypted CW is then stored in a CW storage 710, and used when necessary by a 
Data Encryption Standard (DES) decryption algorithm (DES DECR) 712 to decrypt the 

25 program material. 

In the portion of FIG. 7 labeled "Save to Disk or Transmit to Client IRD," the 
content identification (CID) information 714 is decrypted by an AES decryption algorithm 
(AES DECR) 716 using the RK 718 stored in the TDM 402, in order to generate a CP 
session key for encrypting and decrypting the program materials shared with the client 

30 IRD 124. The CID information 714 preferably comprises a content identifier that is 
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obtained from properties and/or metadata found in the program materials, and may 
include copy control information (CCI). 

After the CP session key is generated by the AES decryption algorithm 716, the 
CP session key is then stored in the memory 720 of the TDM 402. Thereafter, the CP 
5 session key is retrieved from the memory 720 of the TDM 402 for use in encrypting the 
program materials by a 3DES encryption algorithm (AES ENCR) 722. 

Since the program materials are encrypted with the CP session key generated by 
the host IRD 124, the client IRD 124 must be able to receive the CP session key from the 
host IRD 124 in a secure manner. To accomplish this task, the CP session key is 
10 encrypted by an AES encryption algorithm (AES ENCR) 724 using the HCPK 726 stored 
in the TDM 402, to produce an encrypted CP session key EHCPK(CP). 

Finally, both the encrypted program materials and the encrypted copy protection 
key are transferred from the host IRD 124 to the client IRD 124, as represented by 728. 

In the portion of FIG. 7 labeled "Read from Host IRD and Display," the client IRD 
15 124 obtains the encrypted CP session key EHCPK(CP) from the host IRD 124, which is 
then decrypted by an AES decryption algorithm (AES DECR) 730 using the HCPK 732. 
As noted above, the client IRD 124 had been previously been provided the HCPK 732 by 
the service provider. 

After the CP session key is generated by the AES decryption algorithm 730, the 
20 CP session key is then stored in the memory 734 of the TDM 402. Thereafter, the CP 
session key is retrieved from the memory 734 of the TDM 402 for use in decrypting the 
program materials by the AES decryption algorithm (AES DECR) 736. The client IRD 
124 can then display the program materials on a presentation device 420 coupled to the 
client IRD 124. 

25 Consequently, the host IRD 124 can control access to the program materials, by 

selective encryption of the program materials and CP session key that are then transmitted 
to appropriate client IRDs 124. The program materials are only encrypted once, by the 
host IRD 124, and are delivered to the client IRD 124 only in encrypted form, together 
with the CP session key necessary to decrypt the program materials . 
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One of the advantages to this method is that it allows the host IRD 124 to control 
which of the client IRDs 124 receives the program materials . This could be an advantage 
if the service provider wishes to have several tiers of services for the client IRDs 124. 
This could also allow subscribers to selectively control which program materials are 
distributed to which client IRD 124 if limits, either rating or spending, are to be set. Also, 
if a client IRD 124 is suspected of not being in the location indicated or is being used for 
pirating purposes, the distribution of program materials to that client IRD 124 could be 
terminated without disrupting services to other client IRDs 124 in the network. The 
disadvantage of this system would be the number of keys that would be required for each 
pairing and the bookkeeping of all of these keys. Both of these issues are not serious and 
could be overcome by careful system planning. 

As noted above, since this method does not require the client IRD 124 to perform 
any traditional conditional access tasks, no CAM 414 is required on the client IRD 124. 
Also, since the client IRD 124 does not need to receive program materials from an off-air 
signal, no tuner is required in the client IRD 124. Finally, no disk drive 418 is required in 
the client IRD 124, since client IRDs 124 may use the disk drive 418 of the host IRD 124 
as a "virtual" disk. All of this leads to greatly reduced cost of the client IRDs 124. 

CONCLUSION 

The foregoing description of the preferred embodiment of the invention has been 
presented for the purposes of illustration and description. It is not intended to be 
exhaustive or to limit the invention to the precise form disclosed. Many modifications 
and variations are possible in light of the above teaching. 

For example, while the foregoing disclosure presents an embodiment of the 
present invention as it is applied to a direct broadcast satellite system, the present 
invention can be applied to any system that uses encryption. Moreover, although the 
present invention is described in terms of specific encryption and decryption schemes, it 
could also be applied to other encryption and decryption schemes, or to different uses of 
the specific encryption and decryption schemes. Finally, although specific hardware, 
software and logic is described herein, those skilled in the art will recognize that other 
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hardware, software or logic may accomplish the same result, without departing from the 
scope of the present invention. 

It is intended that the scope of the invention be limited not by this detailed 
description, but rather by the claims appended hereto. The above specification, examples 
and data provide a complete description of the manufacture and use of the composition o 
the invention. Since many embodiments of the invention can be made without departing 
from the spirit and scope of the invention, the invention resides in the claims hereinafter 
appended. 
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